Microsoft uses racketeering law to seize servers, take down botnets

Employees of Microsoft seized servers in Pennsylvania and Illinois, and the …

On Friday, armed with a federal warrant and backed by U.S. Marshals, Microsoft employees raided web hosting centers in Scranton, Pennsylvania and Lombard, Illinois to seize servers and take possession of hundreds of Internet domain names. The actions were part of a global legal effort by Microsoft and partners to go directly after botnets through civil lawsuits.

In the suit, the organizations claimed that the phishing e-mails used to spread the botnet infringed on their trademarks and intellectual property. When recipients clicked on the links in the messages, the sites downloaded malware based on the Zeus botnet that could be used to take control of computers and steal personal data—including passwords and financial information—by recording what users typed.

The effort, called Operation b71, is the second time Microsoft has gone after botnet operations on its own rather than waiting for law enforcement to take action. Last March, Microsoft's Operation b107 took down the Rustock botnet. But b71 is the first time that Microsoft has gotten other organizations to join as plaintiffs in the civil suits used to go after a botnet operator, and the first time it has used RICO as a legal instrument to go after botnet operators. It's also the first time Microsoft has simultaneously moved against multiple botnets in a single seizure operation.

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.